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DETAILED ACTION 



1. 



This action is in reply to applicant's correspondence of 15 March 2006. 



2, 



Claims 1-25 are pending for examination. 



3. 



Claims 1, 14, 16 and 21-25 are rejected. 



Claim Rejections - 35 USC §101 



35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

4. Claims 22-25 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. The phrase "A computer program product comprising" is not 
necessarily embodied software on computer readable media (subject to inclusion of said subject 
matter in the specification) corresponding to a method of said embodied software. For the sake of 
applying art, the examiner assumes that the embodied software of the method is so embodied on . 
computer readable media. - 

Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this 
country, more than one year prior to the dale of application for patent in the United States. 

5. Claims 1, 14, 16 and 21 are rejected under 35 U.S.C. 102(b) as being anticipated by 

Xenitellis, S., 'Security Vulnerabilities in Event-Driven Systems', ISG, Royal Holloway Univ. of London, 2002, entire document, 
http://www.isg.rhul.ac.uk/-'simos/pub/OLD/Security VulnerabilitieslnEvent-drivenSystems.pdf ('Xenitellis'). 
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6. 



As per claim 1; "A method comprising: 



hooking 



an exception handler dispatcher [Section 1-5, whereas in an 'event driven model' 
with the associated system event dispatcher called as part of the operating system kernel, 
and associated modification or not upon 'condition interception [i.e., after subsequent 
hooking]' response, encompasses the claimed limitations as broadly interpreted by the 
examiner.]; 
stalling execution of 

said exception handler dispatcher 
upon invocation of 



said exception handler dispatcher [Section 1-5, whereas in an 
'event driven model' with the associated system event dispatcher called as 
part of the operating system kernel, and associated modification or not 
upon 'condition interception' response [i.e., stalling], encompasses the 
claimed limitations as broadly interpreted by the examiner.]; and 



determining whether 



an exception handling is valid. 



wherein 



upon a determination that said exception handling is valid. 



said method further comprising 



allowing said execution of said exception handler dispatcher 
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to proceed [Section 1-5, whereas in an 'event driven model' 
with the associated system event dispatcher called as part of the 
operating system kernel, and associated modification or not upon 
'condition interception' response [i.e., stalling determination as a 
result of exception processing, and subsequent continuation or not 
of exception/event], encompasses the claimed limitations as 
broadly interpreted by the examiner.].". 

As per claim 22, this claim is the embodied software claim for the method claim 1 above, 
and is rejected for the same reasons provided for the claim 1 rejection; "A computer program 
product comprising: 

an exception handling validation application for 
hooking 

an exception handler dispatcher; 
said exception handling validation application further for 
stalling execution of 

said exception handler dispatcher 
upon invocation of 

said exception handler dispatcher; and 
said exception handling validation application further for 
determining whether 

an exception handling is valid, 
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wherein 

upon a determination that said exception handling is valid, 

said exception handling validation application further for 
allowing said execution of said exception handler 
dispatcher 

to proceed.". 



7. Claim ] 4 additionally recites the limitation that; "The method of Claim 1 wherein 
upon a determination that said exception handhng is not valid during said determining, 

said method further comprising 

taking protective action.". 
The teachings of Xenitellis are directed towards such Hmitations (i.e., Section 1-5, whereas in an 
'event driven model' with the associated system event dispatcher called as part of the operating 
system kernel, and associated modification or not upon 'condition interception' response [i.e., 
stalling determination as a result of exception processing, and subsequent continuation or not 
('taking protective action') of exception/event], encompasses the claimed limitations as broadly 
interpreted by the examiner.). 

8. Claim 16 additionally recites the limitation that; "The method of Claim 14 further 
comprising 

providing a notification that 

said protective action has been taken.". 
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The teachings of Xenitellis are directed towards such limitations (i.e.. Section 1-5, whereas in an 
'event driven model' with the associated system event dispatcher called as part of the operating 
system kernel, and associated modification or not upon 'condition interception' response [i.e., 
stalling determination as a result of exception processing, and subsequent continuation or not 
('providing a notification . . . taking protective action') of exception/event], encompasses the 
claimed limitations as broadly interpreted by the examiner.). 

9. As per claim 2 1 ; "A method comprising: 
determining that 

exception handling is valid 

prior to allowing execution of 

an exception handler dispatcher [Section 1-5, whereas in an 'event 
driven model' with the associated system event dispatcher called as part of 
the operating system kernel, and associated modification or not upon 
'condition interception' response [i.e., determination as a result of 
exception processing, and subsequent continuation. or not (valid/not valid) 
of exception/event], encompasses the claimed limitations as broadly 
interpreted by the examiner.].". 



Allowable Subject Matter 
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Claims 2-13, 15, 17-20, 23-25 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the limitations of 
the base claim and any intervening claims, and subject to the above 35 U.S.C. 101 rejection. 

10. Claim 2 additionally recites the limitation that; "The method of Claim 1 wherein 
said determining whether an exception handling is valid comprises: 

determining whether 

exception handler frame addresses are 
in order.". 

As per claim 23, this claim is the embodied software claim for the method claim 2 above, 
and is objected to for the same reasons provided for the claim 2 objection; "The computer 
program product of Claim 22 wherein 

said determining whether an exception handling is valid comprises: 
determining whether 

exception handler frame addresses are 
in order.". 

1 1 . Claim 3 additionally recites the limitation that; "The method of Claim 2 wherein 
said determining whether exception handler frame addresses are in order comprises 

determining whether 

said exception handler frame addresses are 
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successively increasing from 

a first exception handler frame 

located highest on a stack.". 

12. Claim 4 additionally recites the limitation that; "The method of Claim 1 wherein 
said determining whether an exception handling is valid comprises: 

determining whether 

an exception handler 

is in a data area of memory.". 

As per claim 24, this claim is the embodied software claim for the method claim 4 above, 
and is objected to for the same reasons provided for the claim 4 objection; VThe computer 
program product of Claim 22 wherein 

said determining whether an exception handling is valid comprises: 
determining whether 

an exception handler 

is in a data area of memory.". 

13. Claim 5 additionally recites the limitation that; "The method of Claim 4 wherein 
said determining whether an exception handler is in a data area of memory comprises 

determining whether 

a handler address in an exception handler frame 
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points to a page in said data area.". 

14. Claim 6 additionally recites the limitation that; "The method of Claim 1 wherein 
said determining whether an exception handling is valid comprises: 

determining whether 

a previous exception handler frame address 
is invalid.". 

As per claim 25, this claim is the embodied software claim for the method claim 6 above, 
and is objected to for the same reasons provided for the claim 6 objection; "The computer 
program product of Claim 22 wherein 

said determining whether an exception handHng is vaHd comprises: 
determining whether 

a previous exception handler frame address 
is invalid.". 

1 5. Claim 7 additionally recites the limitation that; "The method of Claim 6 wherein 
said detennining whether a previous exception handler frame address is invalid 

comprises 

determining whether 

said previous exception handler frame address 
in an exception handler frame 
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points to a page that 
is invalid.". 



16. Claim 8 additionally recites the limitation that; "The method of Claim 1 wherein 
exception handler frames form a linked list, 

said determining whether an exception handling is valid comprises: 
determining whether 

exception handler frame addresses of said exception handler frames 
are in order.". 

17. Claim 9 additionally recites the limitation that; "The method of Claim 8 wherein 
said determining whether exception handler frame addresses of said exception handler 

frames are in order comprises 

determining whether 

said exception handler frame addresses 
are successively increasing from 

a first exception handler frame 

located highest on a stack, 

said linked list comprising 

said first exception handler frame.". 



18. 



Claim 10 additionally recites the limitation that; "The method of Claim 1 wherein 
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exception handler frames fomi a linked list, 
said determining whether an exception handling is valid comprises: 
determining whether 

any exception handlers associated with 
said exception handler frames 

are in a data area of memory.". 

19. Claim 1 1 additionally recites the limitation that; 'The method of Claim 10 wherein 
said determining whether any exception handlers associated with said exception handler 

frames are in a data area of memory comprises 
determining whether 

any handler addresses in said exception handler frames 
point to a page in said data area.". 

20. Claim 12 additionally recites the limitation that; "The method of Claim 1 wherein 
exception handler frames form a linked list, 

said determining whether an exception handhng is valid comprises: 
detennining whether 

any previous exception handler frame addresses in said exception handler 

frames 

are invaHd.". 
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21. Claim 13 additionally recites the limitation that; "13. The method of Claim 12 wherein 
said determining whether any previous exception handler frame addresses in said 

exception handler frames are invalid comprises 
determining whether 

said any previous exception handler frame addresses in said exception 
handler frames 

point to a page that is invalid.". 

22. Claim 15 additionally recites the limitation that; "The method of Claim 14 wherein 
prior to said taking protective action, said method further comprising 

determining that 

said exception handling 

is not a known false positive exception handling.". 

23. Claim 17 additionally recites the limitation that; "The method of Claim 1 wherein 
said hooking comprises 

hooking a function called 

KiUserExceptionDispatcherQ.". 

24. Claim 1 8 additionally recites the limitation that; "The method of Claim 1 wherein 
said hooking comprises 

modifying said exception handler dispatcher 



Application/Control Number: 10/671,152 
Art Unit: 2136 



Page 



to redirect flow to 

an exception handling validation module/'. 

25. Claim 19 additionally recites the limitation that; "The method of Claim 18 wherein 
said modifying comprises 

inserting a jump instruction into 

said exception handler dispatcher.". 

26. Claim 20 additionally recites the limitation that; "The method of Claim 1 further 
comprising 

invoking said exception handler dispatcher, 
said invoking comprising 

raising an exception.". 
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Conclusion 



27. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (571) 272-3861, and whose 
unofficial Fax number is (571) 273-3861 and unofficial email is Ronald.baum@uspto.gov. The 
examiner can normally be reached Monday through Thursday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami, can be reached at (571) 272-4195. The Fax number for the 
organization where this application is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. For more information for 
unpublished applications is available through Private PAIR only. For more information about the 
PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Ronald Baum 




Patent Examiner 



